Network interface devices, such as modems and Ethernet controllers provide a physical and logical connection between a network station and a network. Typical network stations include host computers, routers, and network servers. A network interface device is treated as part of the network station's physical and logical structure, on the same logical level as the network station's CPU, memory, and disk devices. A network interface device is also assumed to be a physical or link layer device within the Open Systems Interconnection (OSI) seven layer model of network architecture. The primary function of a network interface device is to translate data contained within the internal memory of the computer into a frame or packet suitable for transmission on the appropriate network, and to perform the reverse conversion upon receipt of a valid frame from the network. Modems, which are considered network interface devices for asynchronous access, may implement link-level data compression and error correction as part of this conversion and transmit/receive process.
The increased use of network applications and environments has led to great increases in the volume of traffic between computers over networks. Not only has the volume of network traffic increased, but the complexity of network transactions has increased as well. Many network applications now allow users to perform commercial or fee-based transactions which require the exchange or payment of money. Such applications often involve the transmission of confidential information, such as credit card or subscriber identification numbers. This increased use and complexity of network applications necessitates greater resource and access control over the computers and routers on a network in order to ensure that network traffic flows efficiently and that messages are transmitted securely. Current network interface devices lack certain essential features which are increasingly being required in modern network environments. These features include the ability to have a remote network station control the network interface of a host computer, and the ability to provide a logical representation of network services even when the host computer is disconnected from the network.
There are currently no Transmission Control Protocol/Internet Protocol (TCP/IP) fielded networked systems that provide secure and reliable in-band, network-based control of network interface devices within network stations. Some systems allow control from the network station to the remote server, for example, a telephone customer using the *69 call return feature to fetch information from the local telephone company switch. However, these systems do not allow remote server or network control over the network interface device within the network station. Such control is useful because it would allow a central network entity to control network traffic characteristics, such as bandwidth usage by stations on the network. However access to the network interface device from devices on the network other than the host computer within which the interface device resides raises several security concerns. Insecure access to the network interface device from the network may allow undesired exposure of data or sensitive information. It may also allow an improper configuration to be set which may result in a misdirection or even loss of data. It is thus desirable to provide a network interface device which allows secure control over operational characteristics of the network interface device from remote devices on the network.
Present networked systems also fail to provide secure and reliable local representation of network services within a network interface device for a host computer. In an environment in which a host computer accesses a fee-based application from a remote server, the network interface device (which is under the complete control of the network station) cannot contain any state information or object of value such as licenses, payment data or electronic rights-to-use, because this information can be modified, created (spoofed) or destroyed by the host computer. In current systems, electronic objects of value are stored in a secure manner on another station on the network, such as the remote server, and the host computer is required to use a network protocol such as Remote Procedure Call (RPC) to acquire the object from the remote server's secure storage system. These systems require that a network connection be maintained between the host computer and remote server during the time that the application is executed on the host computer, and also that the remote server and host computer transmit sensitive information (i.e., the license or payment data) over the network. These systems thus introduce connectivity and security constraints to a network application environment. It is thus further desirable to provide a network interface device which allows secure representation of network services to a host computer even when the host computer is disconnected from the network.
In addition, network interface devices in the prior art have various other disadvantages which are overcome by the present invention, as described in the detailed description which follows.